This is a statement on the processing of personal data in accordance with the EU General Data Protection Regulation (679/2016).

Data Controller

Codemic Oy Business ID: 3173549-9
Address: Tanskankatu 9 C 9, 20740 TURKU
Phone: +358440712343
Email: mikko.heikkila@codemic.fi

Contacts regarding data protection matters

Data Protection Officer
Mikko Heikkilä
Phone: +358440712343
Email: mikko.heikkila@codemic.fi

In all questions related to the processing of personal data and in situations related to the exercise of one’s own rights, the registered person is advised to contact the data protection officer.

Name of the Personal Register

Customer Register

Basis and Purpose of Processing Personal Data

The legal basis for the processing of personal data is the consent given by the registered individual for the processing of their personal data.

The purpose of processing personal data is the backup and archiving of contacts sent through the contact form. The aim of the processing is to ensure that we can reliably and securely store and process all contacts so that we can respond to the questions, feedback, or provide the requested services. Personal data, such as name, email address, and phone number, are used for individual processing of contacts and delivering an appropriate response.

Personal Data Processed

The data controller collects from the registered individuals only such personal data that are essential and necessary for the purposes described in this data protection statement.

The following information is processed about the registered individuals:

  • Name
  • Email
  • Phone Number

Data Retention Period

The data controller processes personal data for a period of 4 years. After this period, the data controller deletes or anonymizes the data within 1 year in accordance with their deletion processes. The data controller may be obligated to process some of the personal data in the register for longer than stated above to comply with legislation or regulatory requirements.

Rights of the Registered Individual

Right to Access Personal Data

The registered individual has the right to receive confirmation on whether personal data concerning them is being processed, and if so, the right to receive a copy of their personal data.

Right to Rectification

The registered individual has the right to request the correction of inaccurate and incorrect personal data concerning them. They also have the right to have incomplete personal data completed by providing the necessary additional information.

Right to Erasure

The registered individual has the right to request the deletion of personal data concerning them if:
a. the personal data are no longer needed for the purposes for which they were collected;
b. the registered individual withdraws their consent on which the processing is based, and there is no other legal ground for the processing; or
c. the personal data have been unlawfully processed.

Right to Restriction of Processing

The registered individual has the right to restrict the processing of personal data concerning them if:
a. the registered individual contests the accuracy of their personal data;
b. the processing is unlawful and the registered individual opposes the erasure of the personal data and requests the restriction of their use instead; or
c. the data controller no longer needs the personal data for the original purposes of processing, but the registered individual requires them for the establishment, exercise or defense of legal claims.

Right to Withdraw Consent

The registered individual has the right to withdraw their consent to the processing at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

Right to Data Portability

The registered individual has the right to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.

Right to Lodge a Complaint with a Supervisory Authority

The national supervisory authority for personal data matters is the Office of the Data Protection Ombudsman, which operates in connection with the Ministry of Justice. You have the right to bring your case before the supervisory authority if you consider that the processing of personal data relating to you infringes the applicable legislation.